Visible to the public Biblio

Found 1012 results

Filters: First Letter Of Title is C  [Clear All Filters]
A B [C] D E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
Lecuyer, Mathias, Atlidakis, Vaggelis, Geambasu, Roxana, Hsu, Daniel, Jana, Suman.  2019.  Certified Robustness to Adversarial Examples with Differential Privacy. 2019 IEEE Symposium on Security and Privacy (SP). :656–672.
Adversarial examples that fool machine learning models, particularly deep neural networks, have been a topic of intense research interest, with attacks and defenses being developed in a tight back-and-forth. Most past defenses are best effort and have been shown to be vulnerable to sophisticated attacks. Recently a set of certified defenses have been introduced, which provide guarantees of robustness to norm-bounded attacks. However these defenses either do not scale to large datasets or are limited in the types of models they can support. This paper presents the first certified defense that both scales to large networks and datasets (such as Google's Inception network for ImageNet) and applies broadly to arbitrary model types. Our defense, called PixelDP, is based on a novel connection between robustness against adversarial examples and differential privacy, a cryptographically-inspired privacy formalism, that provides a rigorous, generic, and flexible foundation for defense.
Tsai, Ming-Hsien, Wang, Bow-Yaw, Yang, Bo-Yin.  2017.  Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. :1973–1987.
Mathematical constructs are necessary for computation on the underlying algebraic structures of cryptosystems. They are often written in assembly language and optimized manually for efficiency. We develop a certified technique to verify low-level mathematical constructs in X25519, the default elliptic curve Diffie-Hellman key exchange protocol used in OpenSSH. Our technique translates an algebraic specification of mathematical constructs into an algebraic problem. The algebraic problem in turn is solved by the computer algebra system Singular. The proof assistant Coq certifies the translation and solution to algebraic problems. Specifications about output ranges and potential program overflows are translated to SMT problems and verified by SMT solvers. We report our case studies on verifying arithmetic computation over a large finite field and the Montgomery Ladderstep, a crucial loop in X25519.
Maunero, Nicoló, Prinetto, Paolo, Roascio, Gianluca.  2019.  CFI: Control Flow Integrity or Control Flow Interruption? 2019 IEEE East-West Design Test Symposium (EWDTS). :1–6.

Runtime memory vulnerabilities, especially present in widely used languages as C and C++, are exploited by attackers to corrupt code pointers and hijack the execution flow of a program running on a target system to force it to behave abnormally. This is the principle of modern Code Reuse Attacks (CRAs) and of famous attack paradigms as Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP), which have defeated the previous defenses against malicious code injection such as Data Execution Prevention (DEP). Control-Flow Integrity (CFI) is a promising approach to protect against such runtime attacks. Recently, many CFI solutions have been proposed, with both hardware and software implementations. But how can a defense based on complying with a graph calculated a priori efficiently deal with something unpredictable as exceptions and interrupt requests? The present paper focuses on this dichotomy by analysing some of the CFI-based defenses and showing how the unexpected trigger of an interrupt and the sudden execution of an Interrupt Service Routine (ISR) can circumvent them.

Abera, Tigist, Asokan, N., Davi, Lucas, Ekberg, Jan-Erik, Nyman, Thomas, Paverd, Andrew, Sadeghi, Ahmad-Reza, Tsudik, Gene.  2016.  C-FLAT: Control-Flow Attestation for Embedded Systems Software. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :743–754.

Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device (prover). Most existing approaches are static in nature and only check whether benign software is initially loaded on the prover. However, they are vulnerable to runtime attacks that hijack the application's control or data flow, e.g., via return-oriented programming or data-oriented exploits. As a concrete step towards more comprehensive runtime remote attestation, we present the design and implementation of Control-FLow ATtestation (C-FLAT) that enables remote attestation of an application's control-flow path, without requiring the source code. We describe a full prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone hardware security extensions. We evaluate C-FLAT's performance using a real-world embedded (cyber-physical) application, and demonstrate its efficacy against control-flow hijacking attacks.

Tang, Yuzhe, Zou, Qiwu, Chen, Ju, Li, Kai, Kamhoua, Charles A., Kwiat, Kevin, Njilla, Laurent.  2018.  ChainFS: Blockchain-Secured Cloud Storage. 2018 IEEE 11th International Conference on Cloud Computing (CLOUD). :987–990.
This work presents ChainFS, a middleware system that secures cloud storage services using a minimally trusted Blockchain. ChainFS hardens the cloud-storage security against forking attacks. The ChainFS middleware exposes a file-system interface to end users. Internally, ChainFS stores data files in the cloud and exports minimal and necessary functionalities to the Blockchain for key distribution and file operation logging. We implement the ChainFS system on Ethereum and S3FS and closely integrate it with FUSE clients and Amazon S3 cloud storage. We measure the system performance and demonstrate low overhead.
Mulhem, S., Adi, W., Mars, A., Prevelakis, V..  2017.  Chaining trusted links by deploying secured physical identities. 2017 Seventh International Conference on Emerging Security Technologies (EST). :215–220.
Efficient trust management between nodes in a huge network is an essential requirement in modern networks. This work shows few generic primitive protocols for creating a trusted link between nodes by deploying unclonable physical tokens as Secret Unknown Ciphers. The proposed algorithms are making use of the clone-resistant physical identity of each participating node. Several generic node authentication protocols are presented. An intermediate node is shown to be usable as a mediator to build trust without having influence on the resulting security chain. The physical clone-resistant identities are using our early concept of Secret Unknown Cipher (SUC) technique. The main target of this work is to show the particular and efficient trust-chaining in large networks when SUC techniques are involved.
Alhuzali, Abeer, Eshete, Birhanu, Gjomemo, Rigel, Venkatakrishnan, V.N..  2016.  Chainsaw: Chained Automated Workflow-based Exploit Generation. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :641–652.

We tackle the problem of automated exploit generation for web applications. In this regard, we present an approach that significantly improves the state-of-art in web injection vulnerability identification and exploit generation. Our approach for exploit generation tackles various challenges associated with typical web application characteristics: their multi-module nature, interposed user input, and multi-tier architectures using a database backend. Our approach develops precise models of application workflows, database schemas, and native functions to achieve high quality exploit generation. We implemented our approach in a tool called Chainsaw. Chainsaw was used to analyze 9 open source applications and generated over 199 first- and second-order injection exploits combined, significantly outperforming several related approaches.

Okuno, S., Asai, H., Yamana, H..  2014.  A challenge of authorship identification for ten-thousand-scale microblog users. Big Data (Big Data), 2014 IEEE International Conference on. :52-54.

Internet security issues require authorship identification for all kinds of internet contents; however, authorship identification for microblog users is much harder than other documents because microblog texts are too short. Moreover, when the number of candidates becomes large, i.e., big data, it will take long time to identify. Our proposed method solves these problems. The experimental results show that our method successfully identifies the authorship with 53.2% of precision out of 10,000 microblog users in the almost half execution time of previous method.

Wang, Ju, Abari, Omid, Keshav, Srinivasan.  2018.  Challenge: RFID Hacking for Fun and Profit. Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. :461–470.

Passive radio frequency identification (RFID) tags are ubiquitous today due to their low cost (a few cents), relatively long communication range (\$$\backslash$sim\$7-11\textasciitildem), ease of deployment, lack of battery, and small form factor. Hence, they are an attractive foundation for environmental sensing. Although RFID-based sensors have been studied in the research literature and are also available commercially, manufacturing them has been a technically-challenging task that is typically undertaken only by experienced researchers. In this paper, we show how even hobbyists can transform commodity RFID tags into sensors by physically altering (`hacking') them using COTS sensors, a pair of scissors, and clear adhesive tape. Importantly, this requires no change to commercial RFID readers. We also propose a new legacy-compatible tag reading protocol called Differential Minimum Response Threshold (DMRT) that is robust to the changes in an RF environment. To validate our vision, we develop RFID-based sensors for illuminance, temperature, touch, and gestures. We believe that our approach has the potential to open up the field of batteryless backscatter-based RFID sensing to the research community, making it an exciting area for future work.

Azakami, T., Shibata, C., Uda, R..  2017.  Challenge to Impede Deep Learning against CAPTCHA with Ergonomic Design. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC). 1:637–642.

Once we had tried to propose an unbreakable CAPTCHA and we reached a result that limitation of time is effect to prevent computers from recognizing characters accurately while computers can finally recognize all text-based CAPTCHA in unlimited time. One of the existing usual ways to prevent computers from recognizing characters is distortion, and adding noise is also effective for the prevention. However, these kinds of prevention also make recognition of characters by human beings difficult. As a solution of the problems, an effective text-based CAPTCHA algorithm with amodal completion was proposed by our team. Our CAPTCHA causes computers a large amount of calculation costs while amodal completion helps human beings to recognize characters momentarily. Our CAPTCHA has evolved with aftereffects and combinations of complementary colors. We evaluated our CAPTCHA with deep learning which is attracting the most attention since deep learning is faster and more accurate than existing methods for recognition with computers. In this paper, we add jagged lines to edges of characters since edges are one of the most important parts for recognition in deep learning. In this paper, we also evaluate that how much the jagged lines decrease recognition of human beings and how much they prevent computers from the recognition. We confirm the effects of our method to deep learning.

Wang, W.-C., Ho, C.-C., Chang, Y.-M., Chang, Y.-H..  2020.  Challenges and Designs for Secure Deletion in Storage Systems. 2020 Indo – Taiwan 2nd International Conference on Computing, Analytics and Networks (Indo-Taiwan ICAN). :181–189.
Data security has risen to be one of the most critical concerns of computer professionals. Tighter legal requirements now exist for the purpose of protecting user data from unauthorized uses and for both preserving and erasing/sanitizing data records to meet legal compliance requirements. To meet the data security requirement, many secure (data) deletion techniques have been proposed to deal with the data security concerns from different system layers. This paper surveys the state-of-the-art secure deletion techniques that have been designed to pursue higher efficiency, verifiability, and portability for emerging types of hard disk drives and flash-based solid-state drives. Meanwhile, the pros and cons of implementing secure deletion in different system layers are also discussed, so as to assist in pursuing better secure deletion designs for future storage systems.
Mamun, A. Al, Mamun, M. Abdullah Al, Shikfa, A..  2018.  Challenges and Mitigation of Cyber Threat in Automated Vehicle: An Integrated Approach. 2018 International Conference of Electrical and Electronic Technologies for Automotive. :1–6.
The technological development of automated vehicles opens novel cybersecurity threats and risks for road safety. Increased connectivity often results in increased risks of a cyber-security attacks, which is one of the biggest challenges for the automotive industry that undergoes a profound transformation. State of the art studies evaluated potential attacks and recommended possible measures, from technical and organizational perspective to face these challenges. In this position paper, we review these techniques and methods and show that some of the different solutions complement each other while others overlap or are even incompatible or contradictory. Based on this gap analysis, we advocate for the need of a comprehensive framework that integrates technical and organizational mitigation measures to enhance the cybersecurity of automotive vehicles.
Al-Waisi, Zainab, Agyeman, Michael Opoku.  2018.  On the Challenges and Opportunities of Smart Meters in Smart Homes and Smart Grids. Proceedings of the 2Nd International Symposium on Computer Science and Intelligent Control. :16:1-16:6.

Nowadays, electricity companies have started applying smart grid in their systems rather than the conventional electrical grid (manual grid). Smart grid produces an efficient and effective energy management and control, reduces the cost of production, saves energy and it is more reliable compared to the conventional grid. As an advanced energy meter, smart meters can measure the power consumption as well as monitor and control electrical devices. Smart meters have been adopted in many countries since the 2000s as they provide economic, social and environmental benefits for multiple stakeholders. The design of smart meter can be customized depending on the customer and the utility company needs. There are different sensors and devices supported by dedicated communication infrastructure which can be utilized to implement smart meters. This paper presents a study of the challenges associated with smart meters, smart homes and smart grids as an effort to highlight opportunities for emerging research and industrial solutions.

Dixit, Vaibhav Hemant, Kyung, Sukwha, Zhao, Ziming, Doupé, Adam, Shoshitaishvili, Yan, Ahn, Gail-Joon.  2018.  Challenges and Preparedness of SDN-based Firewalls. Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. :33–38.

Software-Defined Network (SDN) is a novel architecture created to address the issues of traditional and vertically integrated networks. To increase cost-effectiveness and enable logical control, SDN provides high programmability and centralized view of the network through separation of network traffic delivery (the "data plane") from network configuration (the "control plane"). SDN controllers and related protocols are rapidly evolving to address the demands for scaling in complex enterprise networks. Because of the evolution of modern SDN technologies, production networks employing SDN are prone to several security vulnerabilities. The rate at which SDN frameworks are evolving continues to overtake attempts to address their security issues. According to our study, existing defense mechanisms, particularly SDN-based firewalls, face new and SDN-specific challenges in successfully enforcing security policies in the underlying network. In this paper, we identify problems associated with SDN-based firewalls, such as ambiguous flow path calculations and poor scalability in large networks. We survey existing SDN-based firewall designs and their shortcomings in protecting a dynamically scaling network like a data center. We extend our study by evaluating one such SDN-specific security solution called FlowGuard, and identifying new attack vectors and vulnerabilities. We also present corresponding threat detection techniques and respective mitigation strategies.

Muller, T., Walz, A., Kiefer, M., Doran, H. Dermot, Sikora, A..  2018.  Challenges and prospects of communication security in real-time ethernet automation systems. 2018 14th IEEE International Workshop on Factory Communication Systems (WFCS). :1–9.
Real-Time Ethernet has become the major communication technology for modern automation and industrial control systems. On the one hand, this trend increases the need for an automation-friendly security solution, as such networks can no longer be considered sufficiently isolated. On the other hand, it shows that, despite diverging requirements, the domain of Operational Technology (OT) can derive advantage from high-volume technology of the Information Technology (IT) domain. Based on these two sides of the same coin, we study the challenges and prospects of approaches to communication security in real-time Ethernet automation systems. In order to capitalize the expertise aggregated in decades of research and development, we put a special focus on the reuse of well-established security technology from the IT domain. We argue that enhancing such technology to become automation-friendly is likely to result in more robust and secure designs than greenfield designs. Because of its widespread deployment and the (to this date) nonexistence of a consistent security architecture, we use PROFINET as a showcase of our considerations. Security requirements for this technology are defined and different well-known solutions are examined according their suitability for PROFINET. Based on these findings, we elaborate the necessary adaptions for the deployment on PROFINET.
Ali, Syed Ahmed, Memon, Shahzad, Sahito, Farhan.  2018.  Challenges and Solutions in Cloud Forensics. Proceedings of the 2018 2Nd International Conference on Cloud and Big Data Computing. :6-10.

Cloud computing is cutting-edge platform in this information age, where organizations are shifting their business due to its elasticity, ubiquity, cost-effectiveness. Unfortunately the cyber criminals has used these characteristics for the criminal activities and victimizing multiple users at the same time, by their single exploitation which was impossible in before. Cloud forensics is a special branch of digital forensics, which aims to find the evidences of the exploitation in order to present these evidences in the court of law and bring the culprit to accountability. Collection of evidences in the cloud is not as simple as the traditional digital forensics because of its complex distributed architecture which is scattered globally. In this paper, various issues and challenges in the field of cloud forensics research and their proposed solutions have been critically reviewed, summarized and presented.

Friese, I., Heuer, J., Ning Kong.  2014.  Challenges from the Identities of Things: Introduction of the Identities of Things discussion group within Kantara initiative. Internet of Things (WF-IoT), 2014 IEEE World Forum on. :1-4.

The Internet of Things (IoT) becomes reality. But its restrictions become obvious as we try to connect solutions of different vendors and communities. Apart from communication protocols appropriate identity management mechanisms are crucial for a growing IoT. The recently founded Identities of Things Discussion Group within Kantara Initiative will work on open issues and solutions to manage “Identities of Things” as an enabler for a fast-growing ecosystem.

Mohan, Naveen, Torngren, Martin, Izosimov, Viacheslav, Kaznov, Viktor, Roos, Per, Svahn, Johan, Gustavsson, Joakim, Nesic, Damir.  2016.  Challenges in Architecting Fully Automated Driving; with an Emphasis on Heavy Commercial Vehicles. 2016 Workshop on Automotive Systems/Software Architectures (WASA). :2–9.

Fully automated vehicles will require new functionalities for perception, navigation and decision making -- an Autonomous Driving Intelligence (ADI). We consider architectural cases for such functionalities and investigate how they integrate with legacy platforms. The cases range from a robot replacing the driver -- with entire reuse of existing vehicle platforms, to a clean-slate design. Focusing on Heavy Commercial Vehicles (HCVs), we assess these cases from the perspectives of business, safety, dependability, verification, and realization. The original contributions of this paper are the classification of the architectural cases themselves and the analysis that follows. The analysis reveals that although full reuse of vehicle platforms is appealing, it will require explicitly dealing with the accidental complexity of the legacy platforms, including adding corresponding diagnostics and error handling to the ADI. The current fail-safe design of the platform will also tend to limit availability. Allowing changes to the platforms, will enable more optimized designs and fault-operational behaviour, but will require initial higher development cost and specific emphasis on partitioning and control to limit the influences of safety requirements. For all cases, the design and verification of the ADI will pose a grand challenge and relate to the evolution of the regulatory framework including safety standards.

Pandey, Ashutosh, Khan, Rijwan, Srivastava, Akhilesh Kumar.  2018.  Challenges in Automation of Test Cases for Mobile Payment Apps. 2018 4th International Conference on Computational Intelligence Communication Technology (CICT). :1–4.
Software Engineering is a field of new challenges every day. With every passing day, new technologies emerge. There was an era of web Applications, but the time has changed and most of the web Applications are available as Mobile Applications as well. The Mobile Applications are either android based or iOS based. To deliver error free, secure and reliable Application, it is necessary to test the Applications properly. Software testing is a phase of software development life cycle, where we test an Application in all aspects. Nowadays different type of tools are available for testing an Application automatically but still we have too many challenges for applying test cases on a given Application. In this paper the authors will discuss the challenges of automation of test cases for a Mobile based payment Application.
Fukushima, Keishiro, Nakamura, Toru, Ikeda, Daisuke, Kiyomoto, Shinsaku.  2018.  Challenges in Classifying Privacy Policies by Machine Learning with Word-based Features. Proceedings of the 2Nd International Conference on Cryptography, Security and Privacy. :62–66.

In this paper, we discuss challenges when we try to automatically classify privacy policies using machine learning with words as the features. Since it is difficult for general public to understand privacy policies, it is necessary to support them to do that. To this end, the authors believe that machine learning is one of the promising ways because users can grasp the meaning of policies through outputs by a machine learning algorithm. Our final goal is to develop a system which automatically translates privacy policies into privacy labels [1]. Toward this goal, we classify sentences in privacy policies with category labels, using popular machine learning algorithms, such as a naive Bayes classifier.We choose these algorithms because we could use trained classifiers to evaluate keywords appropriate for privacy labels. Therefore, we adopt words as the features of those algorithms. Experimental results show about 85% accuracy. We think that much higher accuracy is necessary to achieve our final goal. By changing learning settings, we identified one reason of low accuracies such that privacy policies include many sentences which are not direct description of information about categories. It seems that such sentences are redundant but maybe they are essential in case of legal documents in order to prevent misinterpreting. Thus, it is important for machine learning algorithms to handle these redundant sentences appropriately.

Abbasi, Ali, Wetzels, Jos, Holz, Thorsten, Etalle, Sandro.  2019.  Challenges in Designing Exploit Mitigations for Deeply Embedded Systems. 2019 IEEE European Symposium on Security and Privacy (EuroS P). :31–46.

Memory corruption vulnerabilities have been around for decades and rank among the most prevalent vulnerabilities in embedded systems. Yet this constrained environment poses unique design and implementation challenges that significantly complicate the adoption of common hardening techniques. Combined with the irregular and involved nature of embedded patch management, this results in prolonged vulnerability exposure windows and vulnerabilities that are relatively easy to exploit. Considering the sensitive and critical nature of many embedded systems, this situation merits significant improvement. In this work, we present the first quantitative study of exploit mitigation adoption in 42 embedded operating systems, showing the embedded world to significantly lag behind the general-purpose world. To improve the security of deeply embedded systems, we subsequently present μArmor, an approach to address some of the key gaps identified in our quantitative analysis. μArmor raises the bar for exploitation of embedded memory corruption vulnerabilities, while being adoptable on the short term without incurring prohibitive extra performance or storage costs.

Abeykoon, I., Feng, X..  2019.  Challenges in ROS Forensics. 2019 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). :1677—1682.

The usage of robot is rapidly growth in our society. The communication link and applications connect the robots to their clients or users. This communication link and applications are normally connected through some kind of network connections. This network system is amenable of being attached and vulnerable to the security threats. It is a critical part for ensuring security and privacy for robotic platforms. The paper, also discusses about several cyber-physical security threats that are only for robotic platforms. The peer to peer applications use in the robotic platforms for threats target integrity, availability and confidential security purposes. A Remote Administration Tool (RAT) was introduced for specific security attacks. An impact oriented process was performed for analyzing the assessment outcomes of the attacks. Tests and experiments of attacks were performed in simulation environment which was based on Gazbo Turtlebot simulator and physically on the robot. A software tool was used for simulating, debugging and experimenting on ROS platform. Integrity attacks performed for modifying commands and manipulated the robot behavior. Availability attacks were affected for Denial-of-Service (DoS) and the robot was not listened to Turtlebot commands. Integrity and availability attacks resulted sensitive information on the robot.

Lian, Y..  2015.  Challenges in the design of self-powered wearable wireless sensors for healthcare Internet-of-Things. 2015 IEEE 11th International Conference on ASIC (ASICON). :1–4.

The design of low power chip for IoT applications is very challenge, especially for self-powered wireless sensors. Achieving ultra low power requires both system level optimization and circuit level innovation. This paper presents a continuous-in-time and discrete-in-amplitude (CTDA) system architecture that facilitates adaptive data rate sampling and clockless implementation for a wireless sensor SoC.

Aal, Konstantin, Mouratidis, Marios, Weibert, Anne, Wulf, Volker.  2016.  Challenges of CI Initiatives in a Political Unstable Situation - Case Study of a Computer Club in a Refugee Camp. Proceedings of the 19th International Conference on Supporting Group Work. :409–412.

This poster describes the research around computer clubs in Palestinian refugee camps and the various lessons learned during the establishment of this intervention such the importance of the physical infrastructure (e.g. clean room, working hardware), soft technologies (e.g. knowledge transfer through workshops), social infrastructure (e.g. reliable partners in the refugee camp, partner from the university) and social capital (e.g. shared vision and values of all stakeholders). These important insights can be transferred on other interventions in similar unstable environments.

Gupta, A., Mehrotra, A., Khan, P. M..  2015.  Challenges of Cloud Computing amp; Big Data Analytics. 2015 2nd International Conference on Computing for Sustainable Global Development (INDIACom). :1112–1115.

Now-a-days for most of the organizations across the globe, two important IT initiatives are: Big Data Analytics and Cloud Computing. Big Data Analytics can provide valuables insight that can create competitiveness and generate increased revenues. Cloud Computing can enhance productivity and efficiencies thus reducing cost. Cloud Computing offers groups of servers, storages and various networking resources. It enables environment of Big Data to processes voluminous, high velocity and varied formats of Big Data.